This is an automated email from the ASF dual-hosted git repository. yong pushed a commit to branch branch-2.8 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 6089daaefd2dd89ac00eb92f4c2ea5e9a1c1739f Author: Nicolò Boschi <[email protected]> AuthorDate: Mon Feb 7 10:04:22 2022 +0100 [security] Upgrade Postgre driver to 42.2.25 to get rid of CVE-2022-21724 (#14119) http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21724 Upgrade both `jdbc` and `debezium` Postgre java driver dependency to 42.2.25 (from 42.2.24 and 42.2.22). Note: the version is not shared on purpose because we should leave the driver dependencies separated since the two connectors are used in different ways. (For example, when we'll upgrade Debezium to 1.8.x we'll need to remove the override and keep the 42.3.x version) For cherry-picks, branch-2.9 and branch-2.8 are compatible since: * branch-2.9 has the same debezium version * branch-2.8 has 1.0.0 but it uses [pg driver 42.2.x](https://search.maven.org/artifact/io.debezium/debezium-parent/1.0.0.Final/pom) as well - [x] `no-need-doc` (cherry picked from commit 64818458727df20384463bbedf9cb7c92c0f9216) --- pom.xml | 3 ++- pulsar-io/debezium/postgres/pom.xml | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 22b29c0..beb9732 100644 --- a/pom.xml +++ b/pom.xml @@ -148,7 +148,7 @@ flexible messaging model and an intuitive client API.</description> <jclouds.version>2.3.0</jclouds.version> <sqlite-jdbc.version>3.8.11.2</sqlite-jdbc.version> <mysql-jdbc.version>8.0.11</mysql-jdbc.version> - <postgresql-jdbc.version>42.2.12</postgresql-jdbc.version> + <postgresql-jdbc.version>42.2.25</postgresql-jdbc.version> <clickhouse-jdbc.version>0.2.4</clickhouse-jdbc.version> <mariadb-jdbc.version>2.6.0</mariadb-jdbc.version> <hdfs-offload-version3>3.3.0</hdfs-offload-version3> 
@@ -157,6 +157,7 @@ flexible messaging model and an intuitive client API.</description> <scala.binary.version>2.11</scala.binary.version> <scala-library.version>2.11.12</scala-library.version> <debezium.version>1.0.0.Final</debezium.version> + <debezium.postgresql.version>42.2.25</debezium.postgresql.version> <jsonwebtoken.version>0.11.1</jsonwebtoken.version> <opencensus.version>0.18.0</opencensus.version> <hbase.version>2.3.0</hbase.version> diff --git a/pulsar-io/debezium/postgres/pom.xml b/pulsar-io/debezium/postgres/pom.xml index d7ba5fc..e5f0090 100644 --- a/pulsar-io/debezium/postgres/pom.xml +++ b/pulsar-io/debezium/postgres/pom.xml @@ -44,6 +44,13 @@ <version>${debezium.version}</version> </dependency> + <dependency> + <groupId>org.postgresql</groupId> + <artifactId>postgresql</artifactId> + <version>${debezium.postgresql.version}</version> + <scope>runtime</scope> + </dependency> + </dependencies> <build>
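Review bot: The removed line in the first pom.xml hunk (@@ -148) is `<postgresql-jdbc.version>42.2.12</postgresql-jdbc.version>`, which does not match the commit message's "from 42.2.24 and 42.2.22". On this branch the jdbc connector moves from 42.2.12 to 42.2.25, a much larger step than the message describes. The cherry-pick message should state the real starting version for branch-2.8, and the JDBC connector tests should be run against the new driver before release rather than relying on the results from the original commit.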
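Review bot: The new `<debezium.postgresql.version>` property in the second pom.xml hunk (@@ -157) has the same value as `postgresql-jdbc.version`, and nothing in the pom says why the two are kept apart. The reasoning exists only in the commit message: the connectors are used in different ways, and the override is to be removed when Debezium moves to 1.8.x. Put that in an XML comment directly above the property so that a later cleanup neither merges the two properties nor leaves the override in place after the Debezium upgrade.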
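Review bot: The `org.postgresql:postgresql` dependency added in pulsar-io/debezium/postgres/pom.xml (@@ -44) is declared with `<scope>runtime</scope>` and has no comment tying it to CVE-2022-21724, so it reads like an ordinary dependency rather than a security override of the driver that arrives with `${debezium.version}`. A direct declaration sets the scope as well as the version, so run `mvn dependency:tree` on this module and confirm that the resolved driver is 42.2.25 at runtime scope and that only one postgresql jar ends up in the packaged connector. Add a short comment above the block naming the CVE and the condition for removing the override.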
